PFCLScan – New Competitive License Model

Welcome to the new website for our database scanner PFCLScan. The product web site previously was just a couple of pages on our main site. We have migrated to a bigger site to allow more content and information about PFCLScan to be added. Also we have a blog now!, this blog, welcome! please keep coming back to find more details of our products large number of features.

We are excited by PFCLScan and what it can do for you. It is a framework based product that is open in terms of how you can use and develop your own projects, policies, checks and reports. We have added great productivity based features to allow you to create your own relevant policies to test your own database security as well as use ours of course. We want PFCLScan to be the tool of choice to help secure your databases.

I thought i would cover three subjects in this first blog post:

A bit of history, how did we get here?

A little bit about the goals of PFCLScan

The new license model

A bit of PFCLScan History

The PFCLScan product has been around for a while now; we have not aggressively pushed it so far simply because we have been busy with training and consulting and audits ourselves. That is going to change this year, not aggressively of course but we are spending more time to promote PFCLScan; this blog post and this website being part of the promotion.

We do use PFCLScan in our own database security audits and our partners also use it to conduct audits. The development of the scanner started originally ten years ago but stopped pretty sharply simply because we had audits lined up and needed tools quicker so we embarked on developing audit tools in SQL, shell and PL/SQL. This continued until a few years ago with the tools in SQL and PL/SQL getting bigger and better. I then decided it would be great to be able to offer our tools to others as at the time we had partners who were using them to conduct audits for us. There is a little about our SQL*Plus tools here http://www.petefinnigan.com/weblog/archives/archive-072011.html.

Some head scratching and planning took place to design what would become PFCLScan, what it should look like and how it should work. Some of the design ideas will be discussed later so i will not shoot off at a tangent now. The core engine is written in C and uses OCI to connect to the database. A simple test harness with the first version of the core engine is here http://www.petefinnigan.com/weblog/archives/00001162.htm. The graphical user interface is written in .NET but all of the “engines” allow a multi-faceted array of tests to be created and run either through the GUI or on the command line to make integration easier with other products and systems.

A Bit About Goals

The product had two main goals; the first to allow end users to scan and test a database for security issues as quickly and easily as possible. The second goal was to broaden the scope of database vulnerability scanners and make it structured, powerful but most importantly make it easier for anyone to create their own policy suitable for their own environment and to then be able to scan all of their databases with their policy. This is the main goal and I will expand on that in a future post with more details on how we do this.

Simple Competitive License Model

The final part of this first post is to introduce the simple competitive license model. Not only did I want PFCLScan to be useful in terms of being able to customise and create your own policies that suit your data security requirements simply and quickly BUT i wanted people (customers) to get great value also from this. The current trend is to license for each database to be scanned. I want to change that and bring a database security product that is installation based not target based in terms of licensing. Bring it more mass market and affordable for much more people. So after some discussions and planning we have just launched out new license model. There are now just two licenses, both are annual subscription based licenses:

The “Pro” License allows you to install PFCLScan on one PC and scan an unlimited amount of databases. This is great for an internal auditor, and external auditor or indeed a DBA. The price today is £849 + VAT or other taxes (as or if applicable) for the initial annual license fee. Even better if you stay with with us and renew your license then the current renewal fee for another year for the Pro license is just £450 + VAT or any other relevant taxes

The “Enterprise” license allows you to install PFCLScan as many times as you need within your organisation and for each of the installations you can scan an unlimited number of database targets. This is a great license for an organisation who wants to scan all of their databases for compliance or for a company with multiple auditors. The only stipulation is that you install in your own organisation and you scan databases that are part of your normal business. The initial annual fee today for the “Enterprise” license is £2,495 + VAT or any other relevant taxes. The great news again is that if you stay with us the annual renewal license fee today is £1,350 + VAT and any other relevant taxes.

The license model is subscription based and must be renewed each year to keep using PFCLScan. The license includes support which is provided via our website ticket system. All support is remote and we do not offer site visits or phone support unless we agree it with you because its prudent for us to resolve your questions faster. During the license period as long as you remain licensed you will receive all minor and major updates to PFCLScan and all updates to policies, reports, projects, checks, signatures and more.

We think this is a great deal and we want to get people auditing their Oracle databases for security issues at a cost that everyone can afford.

Coming Soon

In this blog we will talk about our goals for PFCLScan and more about how it works. We are also going to add much more to this website to show all of the main features of the software and how it can provide value for you.

Up-coming blogs will include, features, goals and some hints about the product road map and what we will be adding to PFCLScan. we will be back here soon with more info!!